Jump to content

Can't remove svchost.exe and additional problem found by RK


reba_kay
 Share

Recommended Posts

I've seen lots of posts on removing svchost.exe, so I attempted to start down the removal path. Malwarebytes has removed svchost.exe several times, but it keeps finding it again. I have also used mcafee, kaspersky, and others. After reading posts, it seems the first step is to run Rogue Killer. I have done that and here is the log: It looks like there is another problem, too???? Not sure what my next step should be.

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : BNB [Admin rights]

Mode : Scan -- Date : 11/09/2012 19:01:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$c614d3bf243a3fd7a4fd36cd3756874b\n.) -> FOUND

[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$c614d3bf243a3fd7a4fd36cd3756874b\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$c614d3bf243a3fd7a4fd36cd3756874b\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-448086352-994739028-191266335-1000\$c614d3bf243a3fd7a4fd36cd3756874b\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$c614d3bf243a3fd7a4fd36cd3756874b\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-448086352-994739028-191266335-1000\$c614d3bf243a3fd7a4fd36cd3756874b\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.